Quickstart: Set up OpenID in the Genero Application Server

Follow these steps to quickly set up OpenID for your Genero Application Server and Genero Web Client applications.

Preparation

Before using OpenID with the Genero Application Server, you must perform following steps:
  1. Create one or more OpenID users using an OpenID provider.
  2. If your GAS is located behind a proxy, configure the proxy in the OpenID fglprofile, located in $FGLDIR/web_utilities/services/openid/res. Uncomment and set values for the entry proxy.http.location.
  3. Start your dispatcher (if needed).

Add OpenID SSO to a Genero Web Client application

Do the following steps to add OpenID SSO to a Genero Web Client application:
  1. Add the DELEGATE tag to all Genero Web Client applications requiring SSO.
    <APPLICATION Parent="defaultgwc">
      <EXECUTION>
        <PATH>$(res.path.mypath)/myapplication</PATH>
        <MODULE>myapp.42r</MODULE>
        <DELEGATE service="services/OpenIDServiceProvider" />
      </EXECUTION>
    </APPLICATION>    
  2. Add a PROVIDER tag to indicate which identity provider to use for the application.
    <APPLICATION Parent="defaultgwc">
      <EXECUTION>
        <PATH>$(res.path.mypath)/myapplication</PATH>
        <MODULE>myapp.42r</MODULE>
        <DELEGATE service="services/OpenIDServiceProvider">
          <PROVIDER>google.com</PROVIDER>
        </DELEGATE>
      </EXECUTION>
    </APPLICATION>    

    If a provider is not defined, a page with the list of available ID providers is displayed.

Execute a Genero Web Client application with SSO

To run your Genero Web Client application:

  1. Start your browser and enter the application URL.

    You are prompted to enter your openid.

  2. Click the signin button.

    Your browser is redirected to the OpenID provider.

  3. Enter your credentials.

    If your credentials are valid, your browser is redirected to the Genero Web Client application. The application starts and runs as the entered OpenID user.

    The next time you start the same application - or any application delivered by the same Genero Application Server - you will not be prompted for your credentials. The application will start (and be authenticated for) the same SAML user.
    Tip: Read all of the OpenID topics in the Genero Application Server User Guide for details on features provided by OpenID SSO support in the Genero Application Server, to include attributes gathering or authorization control.